From enache@rdslink.ro  Mon Apr 28 18:35:18 2003
Return-Path: <enache@rdslink.ro>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9909E37B404
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 28 Apr 2003 18:35:17 -0700 (PDT)
Received: from mail.rdslink.ro (mail.rdslink.ro [193.231.236.20])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0C2CE43F85
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 28 Apr 2003 18:35:16 -0700 (PDT)
	(envelope-from enache@rdslink.ro)
Received: (qmail 31430 invoked from network); 29 Apr 2003 01:38:01 -0000
Received: from unknown (HELO ratsnest.hole) (81.196.245.173)
  by mail.rdslink.ro with SMTP; 29 Apr 2003 01:38:01 -0000
Message-Id: <20030429013718.GA14503@ratsnest.hole>
Date: Tue, 29 Apr 2003 04:37:18 +0300
From: Enache Adrian <enache@rdslink.ro>
To: FreeBSD-gnats-submit@freebsd.org
Subject: uthreads bug: new opened files may get stale fcntl flags

>Number:         51535
>Category:       bin
>Synopsis:       uthreads bug: new opened files may get stale fcntl flags
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 28 18:40:13 PDT 2003
>Closed-Date:    Tue Jun 03 07:10:15 PDT 2003
>Last-Modified:  Wed Feb  4 09:30:07 PST 2004
>Originator:     Enache Adrian
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
none
>Environment:
System: FreeBSD ratsnest.hole 5.0-CURRENT FreeBSD 5.0-CURRENT #2: Tue Apr 15 15:15:34 EEST 2003 root@ratsnest.hole:/opt/tmp/CUBATAO i386

>Description:
	
In programs linked against libc_r:
- dup2'ing another file to one of the standard file descriptors
- doing its job with it and then closing it
- opening another file (which will re-use the same fd)

will cause the latter to "inherit" the closed file's fcntl flags.

That defeats anyone trying to play with redirecting stdout to a
(write-only opened) file - the only "solution" is to leave it
open; if not, you will not be able to read from any file after that.

Perl for instance does a lot of things like that: this bug seems to
be the reason why recent threaded builds on FreeBSD fail miserably.

It's probably caused by the code in _thread_fd_table_init()
(uthread/uthread_fd.c:127)

                        if ((fd < 3) && (_pthread_stdio_flags[fd] != -1))
                                /*
                                 * Use the stdio flags read by
                                 * _pthread_init() to avoid
                                 * mistaking the non-blocking
                                 * flag that, when set on one
                                 * stdio fd, is set on all stdio
                                 * fds.
                                 */
                                entry->flags = _pthread_stdio_flags[fd];

I'm using a very recent -CURRENT.
There are rumors that this bug is also present in FreeBSD 4.8, NetBSD 1.6
and recent OpenBSD, but I have no way to verify it.

>How-To-Repeat:
	
compile the following test program with -lc_r or -pthread and run it:

----------------------------------------------------------------------
#include <err.h>
#include <fcntl.h>
#include <unistd.h>

int main(int argc, char **argv)
{
	int fd, cnt;
	char buf[12] = "hallo baby!";

	if (argc < 2)
		errx(1, "usage: %s file", argv[0]);

	/* Open the file write-only and put it on stdout (fd 1). */
	if ((fd = open(argv[1], O_WRONLY)) == -1)
		err(1, "open");

	if ((cnt = dup2(fd, 1)) == -1)
		err(1, "dup2");

	if ((cnt = write(1, buf, 12)) == -1)
		err(1, "write");

	/* Close stdout; the next open() re-uses fd 1 ... */
	if (close(1) == -1)
		err(1, "close");

	/* ... and, with libc_r, picks up the stale cached flags. */
	if ((fd = open(argv[1], O_RDONLY)) == -1)
		err(1, "open");

	/* On an affected system the read fails with EBADF. */
	if ((cnt = read(fd, buf, 12)) == -1)
		err(1, "read");
	else
		warnx("read: %s", buf);
	return 0;
}
----------------------------------------------------------------------

$ cc -lc_r test.c -o test
$ ./test a
test: read: Bad file descriptor

>Fix:

Applying this patch definitely fixes it on my box:

----------------------------------------------------------------------
diff -rup /arc/freebsd/src/lib/libc_r/uthread/uthread_close.c ./uthread/uthread_close.c
--- /arc/freebsd/src/lib/libc_r/uthread/uthread_close.c	Sat Oct 26 08:22:30 2002
+++ ./uthread/uthread_close.c	Tue Apr 29 01:26:54 2003
@@ -96,6 +96,10 @@ _close(int fd)
 		_thread_fd_table[fd] = NULL;
 		free(entry);
 
+		/* drop stale pthread stdio flags */
+		if (fd < 3)
+			_pthread_stdio_flags[fd] = -1;
+
 		/* Close the file descriptor: */
 		ret = __sys_close(fd);
 	}
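Review bot: the reset of `_pthread_stdio_flags[fd]` lives only in `_close()`, yet the sequence in the description first replaces the file behind a stdio descriptor with `dup2()`, which may not pass through this function; if the dup2 path builds its table entry via `_thread_fd_table_init()` it will still take the startup flags, so please check whether the same reset belongs there as well. The literal `3` in `if (fd < 3)` also duplicates the `fd < 3` test in `_thread_fd_table_init()`; a shared constant for the number of cached stdio descriptors would keep the two sites from drifting. A one-line comment saying why the flags are cached at all (the non-blocking caveat quoted from uthread_fd.c) would help the next reader of `_close()`.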
----------------------------------------------------------------------
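To make the mechanism in the quoted _thread_fd_table_init() fragment and the effect of the patch concrete, here is an added C model (it is neither the FreeBSD libc_r code nor the submitter's test program) that replays the cached-flags logic with plain POSIX calls. stdio_flags[], table_init() and wrapper_close() are stand-ins for _pthread_stdio_flags[], _thread_fd_table_init() and _close(), and the "startup" stdout is assumed to be a write-only /dev/null.

```c
#define _POSIX_C_SOURCE 200809L
/* Added model of the libc_r fd-table flag cache quoted above (not FreeBSD code):
 * stdio_flags[] ~ _pthread_stdio_flags[], table_init() ~ _thread_fd_table_init(),
 * wrapper_close() ~ _close(). */
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
static int stdio_flags[3];  /* read once at "startup"; -1 means unknown */
static int fd_flags[1024];  /* the thread library's idea of each fd's flags */

/* Models _thread_fd_table_init(): for fds 0-2 trust the startup cache, which is
 * stale once that fd has been closed and re-used; otherwise ask the kernel. */
static void table_init(int fd)
{
    fd_flags[fd] = (fd < 3 && stdio_flags[fd] != -1) ? stdio_flags[fd]
                                                     : fcntl(fd, F_GETFL);
}

/* Models _close(); fix != 0 applies the PR's patch and drops the cached flags. */
static int wrapper_close(int fd, int fix)
{
    if (fix && fd < 3) stdio_flags[fd] = -1;
    return close(fd);
}

/* Replays the How-To-Repeat sequence on fd 1 with a temp file. Returns 1 if the
 * library's access mode for the re-used fd matches the kernel's, 0 if it is
 * stale (the PR's "Bad file descriptor" case) and -1 on setup failure. */
int replay_pr51535(int fix)
{
    char path[] = "/tmp/pr51535.XXXXXX";
    int saved = dup(1), tmp = mkstemp(path), devnull, wr, rd, ok;
    if (saved == -1 || tmp == -1) return -1;
    close(tmp);
    /* "Startup": stdout is a write-only /dev/null and the cache records it. */
    devnull = open("/dev/null", O_WRONLY);
    dup2(devnull, 1); close(devnull);
    for (int fd = 0; fd < 3; fd++) stdio_flags[fd] = fcntl(fd, F_GETFL);
    /* dup2 a write-only file onto stdout, write through it, close it ... */
    wr = open(path, O_WRONLY);
    dup2(wr, 1); close(wr); table_init(1);
    ok = write(1, "hallo baby!", 12) == 12;
    wrapper_close(1, fix);
    /* ... then open the same file read-only: it lands on fd 1 again. */
    rd = open(path, O_RDONLY);
    if (rd != 1) { dup2(rd, 1); close(rd); }   /* force fd 1 if fd 0 was free */
    table_init(1);
    ok = ok && (fd_flags[1] & O_ACCMODE) == (fcntl(1, F_GETFL) & O_ACCMODE);
    dup2(saved, 1); close(saved); unlink(path);   /* restore the real stdout */
    return ok;
}
```

Without the patch replay_pr51535(0) returns 0: the library still believes fd 1 is write-only, matching the "Bad file descriptor" the report shows; with it, replay_pr51535(1) returns 1.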
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: ru 
State-Changed-When: Sat May 31 10:35:44 PDT 2003 
State-Changed-Why:  
Committed to HEAD, thanks! 


Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: ru 
Responsible-Changed-When: Sat May 31 10:35:44 PDT 2003 
Responsible-Changed-Why:  
MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51535 
State-Changed-From-To: patched->closed 
State-Changed-By: ru 
State-Changed-When: Tue Jun 3 07:09:39 PDT 2003 
State-Changed-Why:  
Committed to RELENG_4, thanks again! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51535 

From: "Burton M. Strauss III" <BStrauss@acm.org>
To: <freebsd-gnats-submit@FreeBSD.org>, <enache@rdslink.ro>
Cc:  
Subject: Re: bin/51535: uthreads bug: new opened files may get stale fcntl flags
Date: Wed, 4 Feb 2004 10:56:58 -0600

 Can you please clarify where this is FIXED?  And where it isn't?
 
 It's now six months after the PR was closed and my users are still running
 into this problem and having to use the work-around we've coded into the
 tool.
 
 I'm especially interested in 4.9-RELEASED but a full list would be greatly
 appreciated...
 
 Roughly, here's my population (FreeBSD only):
 
   count OS      Version
 ------- ------- --------------
     100 FreeBSD 4.9
      58 FreeBSD 5.1
      51 FreeBSD 5.2
      10 FreeBSD 4.8
       4 FreeBSD 4.6.2
 
 TIA!
 
 -----Burton
 

From: Ruslan Ermilov <ru@FreeBSD.org>
To: "Burton M. Strauss III" <BStrauss@acm.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/51535: uthreads bug: new opened files may get stale fcntl flags
Date: Wed, 4 Feb 2004 19:28:23 +0200

 On Wed, Feb 04, 2004 at 09:00:37AM -0800, Burton M. Strauss III wrote:
 >  Can you please clarify where this is FIXED?  And where it isn't?
 >  
    count OS      Version
  ------- ------- --------------
      100 FreeBSD 4.9    FIXED
       58 FreeBSD 5.1    BUGGY
       51 FreeBSD 5.2    FIXED
       10 FreeBSD 4.8    BUGGY
        4 FreeBSD 4.6.2  BUGGY
 
 
 Cheers,
 -- 
 Ruslan Ermilov
 FreeBSD committer
 ru@FreeBSD.org
>Unformatted:
